I've been using unattended-upgrades to great effect for a couple years now to keep a small lab of Debian/Ubuntu systems up to date. My users don't like losing their batch jobs when the automatic reboot happens though, so I set it to only happen once a week:
and in practice this really means once every two weeks, because it only really triggers when the kernel gets an update. This two week cycle has reduced the friction with my users but it still means an occasional unlucky batch job dies overnight and has to be re-run.
Today I learned about Automatic-Reboot-WithUsers (by reading the code, the debian wiki doesn't mention it). That seems like it would be ideal! It would mean batch jobs could block the shutdown. However, if I add it to my current config
it goes too far in the other direction, meaning the required reboot can't happen until at least the next week.
Code Trace
If I understand this correctly:
https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L2107-L2109
plus this default:
https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L650
plus
https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L2060-L2065
Means it can't try to reboot unless it's an update day. In fact it won't try unless it gets all the way through `run()` -- any error will throw it off, jamming up the reboot cycle (probably making the system state more fragile).
---
I'm hoping I can arrange it so that if /var/run/upgrade-required exists but Unattended-Upgrade::Automatic-Reboot-WithUsers "false", then unattended-upgrades will reboot as soon as (or close to) everyone logs out. Is this possible?
and then it run once a day, but only once a day, so it's likely it will miss its window of opportunity -- a single stray idle connection will block the reboot.
An alternate solution, though I haven't tested, is to instead set
but I'd rather keep everything tidy inside unattended-upgrades.
Is there a canonical way to configure unattended-upgrades on multiuser systems? Thank you in advance for taking the time to read through this and any pointers you can toss back my way. :cherry_blossom:
I've been using unattended-upgrades to great effect for a couple years now to keep a small lab of Debian/Ubuntu systems up to date. My users don't like losing their batch jobs when the automatic reboot happens though, so I set it to only happen once a week:
and in practice this really means once every two weeks, because it only really triggers when the kernel gets an update. This two week cycle has reduced the friction with my users but it still means an occasional unlucky batch job dies overnight and has to be re-run.
Today I learned about
Automatic-Reboot-WithUsers
(by reading the code, the debian wiki doesn't mention it). That seems like it would be ideal! It would mean batch jobs could block the shutdown. However, if I add it to my current configit goes too far in the other direction, meaning the required reboot can't happen until at least the next week.
Code Trace
If I understand this correctly: https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L2107-L2109 plus this default: https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L650 plus https://github.com/mvo5/unattended-upgrades/blob/5f979a25fda0f399a6c426e9972ed4c2a0e15cf0/unattended-upgrade#L2060-L2065 Means it can't try to reboot unless it's an update day. In fact it won't try unless it gets all the way through `run()` -- any error will throw it off, jamming up the reboot cycle (probably making the system state more fragile). ---I'm hoping I can arrange it so that if
/var/run/upgrade-required
exists butUnattended-Upgrade::Automatic-Reboot-WithUsers "false"
, thenunattended-upgrades
will reboot as soon as (or close to) everyone logs out. Is this possible?I could drop the weekly schedule
and then it run once a day, but only once a day, so it's likely it will miss its window of opportunity -- a single stray idle connection will block the reboot.
An alternate solution, though I haven't tested, is to instead set
and then write a separate, more aggressive, cronjob that reimplements the
Automatic-Reboot-WithUsers
logic:but I'd rather keep everything tidy inside
unattended-upgrades
.Is there a canonical way to configure unattended-upgrades on multiuser systems? Thank you in advance for taking the time to read through this and any pointers you can toss back my way. :cherry_blossom: